Tor Browser 4.5a3 is released

The third alpha release of the 4.5 series is available from the extended downloads page and also from our distribution directory.

Note: The individual bundles of the alpha series are signed by one of the subkeys of the Tor Browser Developers signing key from now on. You can find its fingerprint on the Signing Keys page. It is:

pub 4096R/0x4E2C6E8793298290 2014-12-15
Key fingerprint = EF6E 286D DA85 EA2A 4BA7
DE68 4E2C 6E87 9329 8290

Tor Browser 4.5a3 is based on Firefox ESR 31.4.0, which features important security updates to Firefox. Its updater now contains the code for verifying signed update files and does not accept unsigned ones anymore. Moreover, this release includes an updated Tor, 0.2.6.2-alpha, an updated meek, 0.15, which is now working again, and a bunch of additional improvements and bugfixes.

Here is the changelog since 4.5-alpha-2:

  • All Platforms
    • Update Firefox to 31.4.0esr
    • Update Tor to 0.2.6.2-alpha
    • Update NoScript to 2.6.9.10
    • Update HTTPS Everywhere to 5.0developement.2
    • Update meek to 0.15
    • Update Torbutton to 1.8.1.3
      • Bug 13998: Handle changes in NoScript 2.6.9.8+
      • Bug 14100: Option to hide NetworkSettings menuitem
      • Bug 13079: Option to skip control port verification
      • Bug 13835: Option to change default Tor Browser homepage
      • Bug 11449: Fix new identity error if NoScript is not enabled
      • Bug 13881: Localize strings for tor circuit display
      • Bug 9387: Incorporate user feedback
      • Bug 13671: Fixup for circuit display if bridges are used
      • Translation updates
    • Update Tor Launcher 0.2.7.1
      • Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
      • Translation updates
    • Bug 13379: Sign our MAR files
    • Bug 13788: Fix broken meek in 4.5-alpha series
    • Bug 13439: No canvas prompt for content callers
Anonymous

January 19, 2015

Permalink

Well,meek-azure and meek-amazon are working in China,but obfs4 bridge is down.And a bug:I cannot open torbutton.

It`s torbrowser-install-4.5a3_zh-CN.exe.I downloaded it and extracted it,then I clicked "Start Tor Browser".I chose to use meek-azure and it worked normally,Tor Browser was open and I could open sites.But when I clicked torbutton,the button was not working,just no response.

Anonymous

January 20, 2015

Permalink

If 93298290/D40814E0 is the new signing key, TOR Developers need to post a signed message with the old key confirming this before it can be trusted.

Anonymous

January 21, 2015

Permalink

Can't download the 4.5a3 tor browser installation in fedora linux. It says "Either there's a network error either that you're being attacked." I downloaded it about seven times, but it continuously gives me error.

The same happens on debian jessie, using the tor browser launcher package... stating signature verification failed...You might be under attack or there might be just a networking problem...

Verifying the package in ~/.cache/torbrowser/download against the key using gpg works though...

the ingenious launcher doesn't let you choose the previous version which basically means you have to deploy this software without deb package management...

Not willing to do this... way to screw up usability tor-devs... I'm out.

Anonymous

January 21, 2015

Permalink

All governments in the world define a terrorist as,
A non violent peace activist,
A human rights activist,
A animal rights activist,
A property rights activist,
A climate change activist,
A government whistle blower,
A person who opposes "anti terrorist" laws,
A person who supports privacy,
A person who supports privacy on the internet,
A person who supports freedom of the press,
A person who supports freedom of speech,
A person who supports freedom of religion,
A person who supports human rights,
A person who supports animal rights,
And that is what all governments in the world define a "terrorist" as.
Also every single person who lives here in the United States is a suspect of "terrorism".

do you mean reliable as us gov documents? they rise diabolic agencies at people expenses and persecute anyone who disagree. have you ever heard about Snowden?
btw have you ever seen in spidernet headers like "tor developer officially declares that tor network is mainly used for porno distribution"??? or nobody asks for "reliable links" in spidernet?

place where big spi-ders nest? watch and catch their unaware victims?
place opposite to protected-net, family-net, safe-net...

Anonymous

January 22, 2015

Permalink

sometimes i'm using Tor on some websites it says:"we Detected you are using Adblock Addon on your browser"

while i didn't install any addons on Tor browser?

ofcourse when i Refresh Page after Few seconds it works True .indeed it seems it happen in some ips .

why does it happen? due to sharing computers? or something goes wrong?

i have the same poblem on some sites like :

http://www.receive-sms-online.info

We've detected that you're using AdBlock Plus or some other adblocking software. Please be aware that this is only contributing to the demise of the site. We need money to operate the site, and almost all of that comes from our online advertising. Please disable AdBlock Plus and refresh webpage!

but even when i refresh page for several times it happen nothing

i guess it's about bridges (some bridges)

Most ads display by using Javascript.I guess you activate NoScript ,and choose "globally prevent JS loading".Then ads in website cannot load normally,it looks like you are using adblock(or other addons that block ads) .And the website treat you as a adblock user.

Because that's one place of many that intelligent people get their news. If you get all your news from sources that think alike then your opinions are not yours.

Anonymous

January 26, 2015

Permalink

Reminder:

"Firefox and Chrome have implemented WebRTC that allow requests to STUN servers be made that will return the local and public IP addresses for the user. These request results are available to javascript, so you can now obtain a users local and public IP addresses in javascript."

https://github.com/diafygi/webrtc-ips

Anonymous

January 26, 2015

Permalink

My Mozilla-browser blocks downloading "*.exe" and generates entries in
"SiteSecurityServiceState.txt". seems to be a new........ innovative feature.

Can anyone explain how to switch OFF this f*cking sh*t?
It's irritating and strange.

Anonymous

January 27, 2015

Permalink

Of course you won't publish this but it answers others concerns as to why TOR is built on Firefox.!!
------------------------------------
http://www.forbes.com/sites/timworstall/2013/01/22/so-why-is-google-fun…

For pretty much all of Mozilla’s money comes from Google. Some $300 million a year at present, a payment for Google being the default search page on any Firefox download. But Google already has an OS in the smartphone space. So, why is Google paying for the development of a competitor to its own product?
----------------------------------------------------
TOR developers are in bed with Mozilla staff, Mozilla is in bed with Google, Google are another arm of the NSA. Likewise Yahoo run by ex NSA staff. Think on!!

First of all, Let's be clear: Tor Browser is built on Firefox, but the Tor relay software itself isn't. If you have the technical know how, nothing is stopping you from using Tor with other browsers. It's not recommended because Tor Browser's patches to the Firefox code help with privacy and anonymity, but it's certainly possible.

Second, what do you suggest other than Firefox? Most commonly I've seen requests for Google Chrome (which is a bad idea for several reasons,) and exotic browsers for Linux that I've never been able to get confirmed even run under Windows (which limits the user base even further.) So, unless we decide to give up and hide under rocks we're going to have to accept the option that has the fewest negatives, and at the moment that seems to be using Firefox.

Anonymous

January 28, 2015

Permalink

Hey, i've posted to have problems to download *.exe, ALL files NAMED .exe, TBB too. Thats wasn't a troll posting.
May i should write "i have a serious problem" but that would be to exaggerated. I have alternatives respectively i can cheat around, name .exe to .txt or something else[sic!].
*.exe files get blocked.???WTF
CAN anybody help?
I was using zip version of an mozilla browser on windows7, enough info(-:, and it logs this blocking in
"SiteSecurityServicesState.txt".

NO.Defender(Microsoft) only!
"SiteSecurityServicesState.txt" is in the browser directory.
In "SiteSecurityServicesState.txt" something like "HSTS:0".
It seems DEFINITELY a BROWSER problem. Mis-configuration?

Strange if i am the only affected one.

Anonymous

January 28, 2015

Permalink

What's it with thepiratebay using that 'Cloudfare' crap. 'thepiratebay' is 'blocked' in totalitarian countries, so they is no avoiding it if you have to 'tunnel' your way out to the free net and free world.

Anonymous

January 31, 2015

Permalink

4.5 should ask for the security level before loading any page.

I think the eventual plan is to have it be part of the "configure" choices for the initial bootstrap screen.

I guess another option is to have it be part of that very initial screen, where you can choose to configure or connect. I think it's going to take some iterations before we get the UI part right.